eCommerce, Privacy, and Cybersecurity

Venable offers full-service solutions to everything from routine to novel privacy and cybersecurity challenges. Our team brings to bear significant experience and industry knowledge to help clients satisfy data privacy and security laws and maximize their business potential.

Fully immersed in all aspects of data privacy, cybersecurity, and information governance, Venable is unique among privacy and cybersecurity practices. We participate in legislative advocacy, rulemakings, and development of new legal standards. Our team advises organizations with regard to industry best practices and drafting codes of conduct and standards, helping them stay compliant with federal, state, international, and self-regulatory requirements. We provide proactive counseling to guide clients through the potential risks and liabilities associated with corporate transactions. And if government enforcement actions or litigation arise, Venable vigorously defends our clients, mounting challenges to agency regulations and litigating privacy issues and class-action lawsuits.

We strengthen the integrity of our client’s data, ecommerce security, and customer or user records; develop internal data collection and use practices; and ensure the creation of sound privacy policies and procedures. We shepherd clients through data-security incidents, and privacy and consumer protection matters, and represent them in connection with corresponding litigation and government enforcement actions. We build and lead coalitions and self-regulatory efforts, and represent leading trade associations in the space.

Our dexterity makes us a powerful ally in the responsible use of data, giving our clients the confidence to innovate and achieve their objectives while providing consumers and customers with products and services they value.

Venable has the oldest and deepest privacy practice in the country, with extensive experience in an array of industries, including advertising, automotive, banking and consumer finance, communications, emerging technologies, hospitality, information services, Internet, marketing, media, and retail, among others. As part of our role as strategic advisors, our coalition-building has placed us at the center of privacy, data security, and cybersecurity policy.

Our team is engaged in both policy creation and the provision of legal services through our representation of companies in high-stakes investigations and litigation. Venable attorneys regularly interact with key government officials to stay abreast of legal and regulatory developments, and collaborate with congressional offices and agencies in the development and evolution of laws and regulations. This experience makes us uniquely suited to offer strategic counsel and representation when compliance is questioned. We have defended clients against regulatory and congressional enforcement scrutiny and challenged agency regulations, as well as handled state inquiries, privacy class action lawsuits, and crisis management situations. Our team has also counseled multiple clients on their incident response plans, vendor due diligence process, privacy and data security governance and reporting structure, and other elements of their cybersecurity infrastructure.

Experience

+

Served as lead counsel to a major retailer in various crisis response capacities, including orchestrating, strategizing, and leading congressional witness preparation; serving as “first chair” during the client’s testimony at U.S. House and Senate hearings; coordinating responses to other simultaneous government investigations; counseling on media and communications; and delivering legal guidance to the C-suite and government affairs team

Successfully defended a media company in an investigation by the FTC arising from allegations that the company circumvented browser privacy settings when using online ad-serving technology

Provided legal and strategic counsel to a hospitality company with respect to two successive data breaches. This included representation of the company in connection with responding to state attorney general inquiries, and in negotiations of fine payments with credit card companies and insurance providers

Successfully represented a major cable television company in class action suits filed under the privacy provisions of the Cable Communications and Policy Act of 1984

Represented trade associations seeking to strike down financial privacy regulations issued by the FTC, the Securities and Exchange Commission (SEC), and the federal banking agencies pursuant to the Gramm-Leach-Bliley Act (GLBA), and challenging the national “Do Not Call” registry and related FTC telemarketing regulations

Worked with the Digital Advertising Alliance (DAA) to develop its PoliticalAds self-regulatory program, bringing transparency and accountability to the digital political advertising ecosystem. Fueled by reports of abuses of digital political advertising in the presidential elections, Venable helped the DAA develop the program and within months secure its adoption by a state board of elections

Provided advice and developed educational materials for an ad tech company to inform the European Parliament about how digital advertising fuels the economy and benefits consumers, in preparation for the General Data Protection Regulation (GDPR)

Entered into immersive, supporting relationships with an American entertainment company working with varying business models to provide around-the-clock assistance and served effectively as in-house counsel

Represented a health services marketer in connection with the requirements of the Health Information Portability and Accountability Act (HIPAA) related to pharmaceutical discount cards

Provided legal guidance and counseling with respect to a brand’s and a marketing solutions provider’s compliance obligations under the California Consumer Privacy Act (CCPA), which the state attorney general will begin enforcement of in July 2020, and created a priority list of business concerns for senior management regarding the law

Provided ongoing counseling to a global company as it rolled out new data collection practices, beginning with an assessment of potential legal and regulatory exposure related to the anticipated data collection practices, and concluding with new consumer consent language for inclusion in customer agreements

Assisted a transportation solutions and logistics company with data ownership issues arising from agreements with vehicle manufacturers with which it engaged in early-phase autonomous vehicle programs

Advised a direct marketing company on privacy and data security issues relating to the sale of a controlling stake in several prominent lines of business

Advised a multinational information technology services company on all privacy and data security matters relating to its acquisition of a leading cloud billing solutions company

Helped review the privacy incident response plans and facilitated tabletop exercises to help ensure that internal privacy and security teams at multiple companies are prepared to respond to new types of data security incidents